From: DANIEL STOICA Date: Tue, 7 Apr 2020 13:19:27 +0000 (+0300) Subject: Change the criticality of OS security test X-Git-Tag: 3.0.0^2 X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F43%2F3343%2F7;p=validation.git Change the criticality of OS security test JIRA: VAL-102 Added a checker for the lynis and vuls tests reports, if vulnerabilities are detected the tests fail with non-critical tag Signed-off-by: DANIEL STOICA Change-Id: I8399379aa60696cf6ce4c2aee1c2dcfb5f965fbc --- diff --git a/tests/os/lynis/lynis.robot b/tests/os/lynis/lynis.robot index 7d88c0f..de05d8d 100644 --- a/tests/os/lynis/lynis.robot +++ b/tests/os/lynis/lynis.robot @@ -40,6 +40,9 @@ Run Lynis Audit System Append To File ${log} ${stdout}${\n} Should Be Equal As Integers ${rc} 0 + ${status} = Evaluate "Great, no warnings" in """${stdout}""" + Run Keyword If '${status}' == 'False' FAIL Warnings discovered + ... non-critical *** Keywords *** Open Connection And Log In diff --git a/tests/os/vuls/vuls.robot b/tests/os/vuls/vuls.robot index 3b3a901..d79fab9 100644 --- a/tests/os/vuls/vuls.robot +++ b/tests/os/vuls/vuls.robot @@ -46,6 +46,10 @@ Run Vuls test Run Keyword IF '${os}' == 'ubuntu' Run vuls for ubuntu ELSE IF '${os}' == 'centos' Run vuls for centos ELSE FAIL Distro '${os}' not supported + ${status} = Evaluate "Total: 0" in """${LOG}""" + Run Keyword If '${status}' == 'False' FAIL Vulnerabilities discovered + ... non-critical + *** Keywords *** Run vuls for ubuntu ${os_version} = SSHLibrary.Execute Command source /etc/os-release && echo $VERSION_ID | cut -d '.' -f1 @@ -53,12 +57,14 @@ Run vuls for ubuntu ${rc} ${output} = Run And Return Rc And Output vuls report -config ${CURDIR}/config.toml -cvedb-sqlite3-path=${CURDIR}/cve.sqlite3 -ovaldb-sqlite3-path=${CURDIR}/oval_ubuntu_${os_version}.sqlite3 Should Be Equal As Integers ${rc} 0 Append To File ${LOG_PATH}/vuls.log ${output}${\n} + Set Global Variable ${LOG} ${output} Run vuls for centos ${rc} ${output} = Run And Return Rc And Output vuls report -config ${CURDIR}/config.toml -cvedb-sqlite3-path=${CURDIR}/cve.sqlite3 -ovaldb-sqlite3-path=${CURDIR}/oval_centos.sqlite3 -gostdb-sqlite3-path=${CURDIR}/gost_centos.sqlite3 Should Be Equal As Integers ${rc} 0 Append To File ${LOG_PATH}/vuls.log ${output}${\n} + Set Global Variable ${LOG} ${output} Open Connection And Log In Open Connection ${HOST} - Login With Public Key ${USERNAME} ${SSH_KEYFILE} \ No newline at end of file + Login With Public Key ${USERNAME} ${SSH_KEYFILE}